An API key is how you let another application talk to Annature on your behalf. It's worth being clear about what that actually means before you create one: an API key grants full, super-user access to all of your Annature data. When you hand your key to another platform, you're effectively saying "go ahead and access everything in my account" — every envelope, every recipient, every piece of client data.
That's not a reason to avoid API keys; it's the whole point of them, and they're the secure, standard way to connect systems. But it does mean a key should be treated like a master password. Only give it to platforms you trust, store it somewhere secure, and revoke it the moment it's no longer needed or you suspect it's been exposed.
Only organisation owners and team members with admin permissions can create or manage API keys. If you can't see the option, you'll need someone with the right role to do it or to grant you access.
Go to Developers.
Click Create API Key.
Enter a name that identifies the integration it's for — something like "Practice Management App" — so you can tell your keys apart later and know exactly what to revoke if something changes.
Click Generate.
Copy the ID and key and store them somewhere secure before closing the window.
Note: The full key is only shown once, at the moment you create it. We don't display it again afterwards, so if you don't copy it now you'll need to generate a new one. This is deliberate — it means the complete key never sits in your account waiting to be read.
Your key gives secure access to Annature's API endpoints and is unique to your organisation. Where you enter it depends on the platform you're connecting — check your integration partner's documentation for the exact steps on their side.
Because the key carries full access, only paste it into systems you trust and that store it securely. If a partner asks you to send your key over email or chat, that's a red flag — keys should go straight into a secure field, not a message someone can read later.
You can manage or revoke keys at any time under Settings > Developers. If a key is no longer needed, or you think it might have been compromised, delete it and generate a fresh one. Deleting a key takes effect immediately, so any integration still using the old key will stop working until you give it the new one — handy to know if you're rotating a key on a live integration.
Last updated: 17 June, 2026